Cisco Networking Academy, U.S./Canada © 2013 Cisco Systems, Inc. All rights reserved. Cisco confidential. 1
SNMP Messages
• Get
• Set
• Trap - unreliable
• Trap (SNMPv3 uses ACK) - reliable
Elements of Simple Network Management Protocol
SNMP in Use for Monitoring the Network
The Management Information Base (MIB)
• MIB defines each variable as an object ID (OID)
• Organizes them into a hierarchy of OIDs, usually shown as a tree
• MIB for any device includes some branches of the tree with variables common to
many networking devices and branches with variables specific to that device.
• Networking equipment vendors like Cisco can define their own private branches of
the tree
MIB tree
Obtaining MIB value with snmpget
Configuring SNMPv2
There are two types of community strings in SNMP Version 2c:
• Read-only (RO): Provides access to the MIB variables, but does not
allow these variables to be changed, only read. Because security is so
weak in Version 2c, many organizations only use SNMP in this
read-only mode.
• Read-write (RW): Provides read and write access to all objects in the
MIB.
Configuring SNMP Version 2c for Read-Only Access
Configuring SNMP Version 2c for Read and Write Access
SNMPv3
• Message integrity: This helps ensure that a packet has not been
tampered with in transit
• Authentication: This helps ensure that the packet came from a
known and trusted source
• Encryption: This helps to ensure that information cannot be read if
the data is captured in transit
Possible Security modes of SNMPv3
Syslog
• Syslog permits various Cisco devices (and some other non-Cisco
devices) to send their system messages across the network to syslog
servers
• You can even build a special out-of-band (OOB) network for this
purpose
• There are many different Syslog server software packages for
Windows and UNIX
Popular destinations for syslog messages
• The logging buffer (RAM inside the router or switch)
• The console line
• The terminal lines
• A syslog server
Syslogging in the Network
System Message Format
Modifying System Messages
System Message Severity Levels
Configuring and Verifying Syslog
• R1(config)# logging 192.168.1.101
• R1(config)# logging trap 4
• By default, Cisco routers and switches send log messages
for all severity levels to the console. On some IOS versions,
the device also buffers those log messages by default
• R1(config)# logging console
• R1(config)# logging buffered
• R1# show logging
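As an added example (not part of the original slides), this Python sketch parses IOS system messages of the form `%FACILITY-SEVERITY-MNEMONIC: text` and shows which ones `logging trap 4` forwards to the syslog server and which stay on the device. The sample messages are constructed and the function names are illustrative assumptions.

```python
import re

# IOS severity levels, 0 (most severe) to 7 (least severe).
SEVERITY_NAMES = ["emergencies", "alerts", "critical", "errors",
                  "warnings", "notifications", "informational", "debugging"]

# %FACILITY-SEVERITY-MNEMONIC: description
MSG_RE = re.compile(r"%(?P<facility>[A-Z0-9_]+)-(?P<severity>[0-7])"
                    r"-(?P<mnemonic>[A-Z0-9_]+): ?(?P<text>.*)")

def parse_message(line):
    """Return a dict for one IOS system message, or None if the line is not one."""
    m = MSG_RE.search(line)
    if m is None:
        return None
    msg = m.groupdict()
    msg["severity"] = int(msg["severity"])
    return msg

def split_by_trap_level(lines, trap_level):
    """Split messages into (forwarded, dropped) for `logging trap <trap_level>`.

    A message goes to the syslog server only when its severity number is
    less than or equal to the configured level.
    """
    forwarded, dropped = [], []
    for line in lines:
        msg = parse_message(line)
        if msg is None:
            continue  # CLI echo, blank line, banner text
        (forwarded if msg["severity"] <= trap_level else dropped).append(msg)
    return forwarded, dropped

# Constructed sample messages (not captured from a real device).
SAMPLE = [
    "*Mar  1 00:01:10.003: %LINK-3-UPDOWN: Interface GigabitEthernet0/1, changed state to down",
    "*Mar  1 00:01:11.003: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet0/1, changed state to down",
    "*Mar  1 00:02:40.511: %SEC_LOGIN-4-LOGIN_FAILED: Login failed [user: admin] [Source: 192.0.2.10] [localport: 22]",
    "*Mar  1 00:03:02.127: %SEC_LOGIN-5-LOGIN_SUCCESS: Login Success [user: admin] [Source: 192.0.2.10] [localport: 22]",
    "*Mar  1 00:03:30.900: %SYS-5-CONFIG_I: Configured from console by admin on vty0 (192.0.2.10)",
    "R1# show logging",
]

if __name__ == "__main__":
    forwarded, dropped = split_by_trap_level(SAMPLE, 4)
    for label, msgs in (("forwarded", forwarded), ("dropped", dropped)):
        for m in msgs:
            print(f"{label:9} {m['severity']} {SEVERITY_NAMES[m['severity']]:13} "
                  f"{m['facility']}-{m['mnemonic']}")
```

With the threshold at 4, the severity-5 login-success and configuration-change messages in the sample never reach the server, which matters when the syslog server is the audit trail.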
References
• Wendell Odom, "Cisco CCNA Routing and Switching ICND2 200-101 Official Cert Guide", Cisco Press, May 14, 2013.